package com.google.code.jscep.server;

import com.google.code.jscep.asn1.IssuerAndSubject;
import com.google.code.jscep.pkcs7.MessageData;
import com.google.code.jscep.pkcs7.PkiMessage;
import com.google.code.jscep.pkcs7.PkiMessageParser;
import com.google.code.jscep.pkcs7.SignedDataGenerator;
import com.google.code.jscep.request.Operation;
import com.google.code.jscep.response.Capability;
import com.google.code.jscep.transaction.MessageType;
import com.google.code.jscep.util.LoggingUtil;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.PKCS10CertificationRequest;

/* loaded from: input_file:com/google/code/jscep/server/ScepServlet.class */
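/**
 * Base servlet for a SCEP responder.
 *
 * <p>{@link #service} reads the {@code operation} request parameter, rejects HTTP methods
 * that are not allowed for that operation, and then dispatches to a handler. All CA and
 * certificate-store behaviour is supplied by the subclass through the abstract methods at
 * the bottom of the class.
 *
 * <p>NOTE(review): nothing in this class checks the signature on an incoming pkiMessage or
 * authorises the requester before {@code getCertificate}, {@code getCRL} or
 * {@code enrollCertificate} is called. Confirm that {@code PkiMessageParser} or the subclass
 * does so before exposing this endpoint.
 */
public abstract class ScepServlet extends HttpServlet {
    private static final String GET = "GET";
    private static final String POST = "POST";
    private static final String MSG_PARAM = "message";
    private static final String OP_PARAM = "operation";
    /**
     * Upper bound on the request body accepted for a PKIOperation. The endpoint is reachable
     * before any message-level check runs, so the body must not be buffered without a limit.
     * The value is a generous default; tune it to the deployment.
     */
    private static final int MAX_MESSAGE_BYTES = 1024 * 1024;
    private static final Logger LOGGER = LoggingUtil.getLogger("com.google.code.jscep");
    private static final long serialVersionUID = 1;

    /**
     * Validates the {@code operation} parameter and HTTP method, then dispatches the request.
     *
     * <p>Responds 400 when the parameter is missing, is not an {@link Operation} constant, or
     * when a handler rejects the request with an {@link IllegalArgumentException}; responds
     * 405 with an {@code Allow} header when the method is not permitted for the operation.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to populate
     * @throws IOException if reading the request or writing the response fails
     */
    public void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        LOGGER.entering(getClass().getName(), "service");
        try {
            final Operation operation;
            try {
                operation = getOperation(httpServletRequest);
            } catch (IllegalArgumentException e) {
                // Only Operation.valueOf can throw here, so this message is accurate.
                sendBadRequest(httpServletResponse, "Invalid \"operation\" parameter.");
                return;
            }
            if (operation == null) {
                sendBadRequest(httpServletResponse, "Missing \"operation\" parameter.");
                return;
            }
            LOGGER.fine("Incoming Operation: " + operation);
            String method = httpServletRequest.getMethod();
            if (operation == Operation.PKIOperation) {
                if (!method.equals(POST) && !method.equals(GET)) {
                    httpServletResponse.setStatus(405);
                    httpServletResponse.addHeader("Allow", "GET, POST");
                    return;
                }
            } else if (!method.equals(GET)) {
                httpServletResponse.setStatus(405);
                httpServletResponse.addHeader("Allow", GET);
                return;
            }
            LOGGER.fine("Method " + method + " Allowed for Operation: " + operation);
            try {
                if (operation == Operation.GetCACaps) {
                    doGetCACaps(httpServletRequest, httpServletResponse);
                } else if (operation == Operation.GetCACert) {
                    doGetCACert(httpServletRequest, httpServletResponse);
                } else if (operation == Operation.GetNextCACert) {
                    doGetNextCACert(httpServletRequest, httpServletResponse);
                } else {
                    doPkiOperation(httpServletRequest, httpServletResponse);
                }
            } catch (IllegalArgumentException e) {
                // A handler rejected the request (bad message content, oversized body, ...).
                // Answer with a fixed string: nothing from the request is echoed back, and the
                // failure is no longer misreported as a bad "operation" parameter.
                LOGGER.fine("Rejecting invalid request for Operation: " + operation);
                sendBadRequest(httpServletResponse, "Invalid request.");
            }
        } finally {
            LOGGER.exiting(getClass().getName(), "service");
        }
    }

    /**
     * Handles {@code PKIOperation}: parses the request body as a pkiMessage and dispatches on
     * its message type.
     *
     * <p>NOTE(review): only the request body is read. {@link #service} also admits GET for
     * this operation, and a SCEP GET carries the message in the {@code message} parameter,
     * which is not decoded here.
     *
     * @throws IOException if reading the body or writing the response fails
     */
    private void doPkiOperation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setHeader("Content-Type", "application/x-pki-message");
        PkiMessage pkiMessage = new PkiMessageParser().parse(getBytes(httpServletRequest.getInputStream()));
        MessageType messageType = pkiMessage.getMessageType();
        MessageData messageData = pkiMessage.getPkcsPkiEnvelope().getMessageData();
        if (messageType == MessageType.GetCert) {
            IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(messageData.getContent());
            // NOTE(review): the looked-up certificate is discarded; no response body is written.
            getCertificate(issuerAndSerialNumber.getName(), issuerAndSerialNumber.getCertificateSerialNumber().getValue());
        } else if (messageType == MessageType.GetCertInitial) {
            IssuerAndSubject issuerAndSubject = new IssuerAndSubject(messageData.getContent());
            X509Certificate certificate = getCertificate(issuerAndSubject.getIssuer(), issuerAndSubject.getSubject());
            SignedDataGenerator certificateGenerator = new SignedDataGenerator();
            certificateGenerator.addCertificate(certificate);
            // Encode before touching the output stream so that an encoding failure can still
            // be answered with a plain-text 400 by service().
            byte[] encodedCertificate = certificateGenerator.generate().getDEREncoded();
            httpServletResponse.getOutputStream().write(encodedCertificate);
        } else if (messageType == MessageType.GetCRL) {
            IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(messageData.getContent());
            X509CRL crl = getCRL(new X500Principal(issuerAndSerialNumber.getName().getDEREncoded()), issuerAndSerialNumber.getCertificateSerialNumber().getValue());
            SignedDataGenerator crlGenerator = new SignedDataGenerator();
            crlGenerator.addCRL(crl);
            byte[] encodedCrl = crlGenerator.generate().getDEREncoded();
            httpServletResponse.getOutputStream().write(encodedCrl);
        } else if (messageType == MessageType.PKCSReq) {
            // NOTE(review): the issued certificates are discarded; no response body is written.
            enrollCertificate((PKCS10CertificationRequest) messageData.getContent());
        }
    }

    /**
     * Writes a 400 response with a fixed plain-text body.
     *
     * @param message static text describing the problem; never request-derived data
     * @throws IOException if the response writer cannot be obtained
     */
    private void sendBadRequest(HttpServletResponse httpServletResponse, String message) throws IOException {
        httpServletResponse.setStatus(400);
        // A handler may already have set a binary content type; the error body is text.
        httpServletResponse.setHeader("Content-Type", "text/plain");
        PrintWriter writer = httpServletResponse.getWriter();
        writer.write(message);
        writer.flush();
    }

    /**
     * Handles {@code GetNextCACert}: sets the content type and queries the subclass.
     *
     * <p>NOTE(review): the certificates returned by the subclass are not written to the
     * response.
     */
    private void doGetNextCACert(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader("Content-Type", "application/x-x509-next-ca-cert");
        getNextCACertificate(httpServletRequest.getParameter(MSG_PARAM));
    }

    /**
     * Handles {@code GetCACert}: picks the content type from the number of certificates the
     * subclass returns (one certificate versus any other count).
     *
     * <p>NOTE(review): the certificates themselves are not written to the response.
     */
    private void doGetCACert(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        List<X509Certificate> caCertificates = getCACertificate(httpServletRequest.getParameter(MSG_PARAM));
        if (caCertificates.size() == 1) {
            httpServletResponse.setHeader("Content-Type", "application/x-x509-ca-cert");
        } else {
            httpServletResponse.setHeader("Content-Type", "application/x-x509-ca-ra-cert");
        }
    }

    /**
     * Reads the whole stream into memory, refusing anything above {@link #MAX_MESSAGE_BYTES}.
     *
     * @param inputStream the request body
     * @return the bytes read; empty when the stream is empty
     * @throws IllegalArgumentException if the body exceeds the limit
     * @throws IOException if reading fails
     */
    private byte[] getBytes(InputStream inputStream) throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        int read;
        while ((read = inputStream.read(chunk)) != -1) {
            // Enforce the cap while reading; a declared Content-Length cannot be relied on.
            if (buffer.size() + read > MAX_MESSAGE_BYTES) {
                throw new IllegalArgumentException("Request body exceeds " + MAX_MESSAGE_BYTES + " bytes");
            }
            buffer.write(chunk, 0, read);
        }
        return buffer.toByteArray();
    }

    /**
     * Resolves the {@code operation} request parameter.
     *
     * @return the matching constant, or {@code null} when the parameter is absent
     * @throws IllegalArgumentException if the value names no {@link Operation} constant
     */
    private Operation getOperation(HttpServletRequest httpServletRequest) {
        String operationName = httpServletRequest.getParameter(OP_PARAM);
        if (operationName == null) {
            return null;
        }
        return Operation.valueOf(operationName);
    }

    /**
     * Handles {@code GetCACaps}: writes each capability on its own line as plain text.
     *
     * @throws IOException if the response writer cannot be obtained
     */
    private void doGetCACaps(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setHeader("Content-Type", "text/plain");
        Set<Capability> capabilities = getCapabilities(httpServletRequest.getParameter(MSG_PARAM));
        PrintWriter writer = httpServletResponse.getWriter();
        for (Capability capability : capabilities) {
            writer.write(capability.toString());
            writer.write('\n');
        }
        writer.close();
    }

    /**
     * Returns the capabilities to advertise.
     *
     * @param str the raw {@code message} request parameter, passed through unvalidated; may be
     *     {@code null}
     */
    protected abstract Set<Capability> getCapabilities(String str);

    /**
     * Returns the CA certificate(s); the size of the list selects the response content type.
     *
     * @param str the raw {@code message} request parameter, passed through unvalidated; may be
     *     {@code null}
     */
    protected abstract List<X509Certificate> getCACertificate(String str);

    /**
     * Returns the next CA certificate(s).
     *
     * @param str the raw {@code message} request parameter, passed through unvalidated; may be
     *     {@code null}
     */
    protected abstract List<X509Certificate> getNextCACertificate(String str);

    /**
     * Looks up a certificate for a GetCert message.
     *
     * @param x509Name the name taken from the request's IssuerAndSerialNumber
     * @param bigInteger the serial number taken from the same structure
     */
    protected abstract X509Certificate getCertificate(X509Name x509Name, BigInteger bigInteger);

    /**
     * Looks up a certificate for a GetCertInitial message.
     *
     * @param x509Name the issuer taken from the request's IssuerAndSubject
     * @param x509Name2 the subject taken from the same structure
     */
    protected abstract X509Certificate getCertificate(X509Name x509Name, X509Name x509Name2);

    /**
     * Looks up a CRL for a GetCRL message.
     *
     * @param x500Principal the name taken from the request's IssuerAndSerialNumber
     * @param bigInteger the serial number taken from the same structure
     */
    protected abstract X509CRL getCRL(X500Principal x500Principal, BigInteger bigInteger);

    /**
     * Processes the certification request carried by a PKCSReq message.
     *
     * <p>NOTE(review): this class performs no visible authorisation before calling this
     * method, so the implementation presumably has to decide whether the request may be
     * honoured. Confirm where that check lives.
     */
    protected abstract List<X509Certificate> enrollCertificate(PKCS10CertificationRequest pKCS10CertificationRequest);

    /**
     * Returns a private key supplied by the subclass.
     *
     * <p>NOTE(review): not called anywhere in this class, and no signing step is visible where
     * {@code SignedDataGenerator} output is written. Confirm whether responses are meant to be
     * signed with this key.
     */
    protected abstract PrivateKey getPrivate();
}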
